Allegedly this piece of malware does the following:

It checks registry to see if there are any Delphi installed (it checks only for Delphi 4-7).

For each found instance of Delphi:

It makes a copy of SysConst.pas file and inject itself into it.

It compiles new SysConst.pas and places new infected dcu-file into Lib folder.

In theory what this means is that when you compile using Delphi with this on the system, the dcu will now have virus code which in turn makes your application a host for the virus.  Infected applications will hunt for un-infected Delphi installations, infect them, and those so infected will compile infected applications, which will look for another installation of Delphi when installed and so on…

The potential for a bot/Trojan using this technique, if not now then later, is quite real as you may appreciate;  if it is indeed the case.

You can read the full post on this by Clicking Here.

If  you know this to be a false positive or have any additional information, please use the contact form or comments section below and let me know so that I can update this post to reflect that information.

Two upcoming posts:

A review of a rather nice and affordable web logs analysis tool developed by a fellow Micro ISV

Some Micro ISV history put together from the perspective of a fellow Micro ISV who built a very successful business which he sold part of.

Related posts

• What’s Not To Like About Micro ISV Fails? Release Early? You’re Doing It Wrong! (14)
• “'IContainer' is ambiguous in the namespace 'System.ComponentModel” (2)
• Windows 7 – Subtle Imagery And Fishy Marketing (2)
• Why The World Actually Does Need Another Source Control Application (2)
• Visual Studio 2010 Beta – Monday May 18 – Fire Up The Virtual Machines! (2)